Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £35.99 £24.99. New subscribers only T&Cs apply

Find out more

Compliance in the Cloud

In this video, you will learn how to be compliant with guidelines and standards within the cloud.
If we are moving into the cloud, we want to be sure that we can extend our compliance to the cloud. If we have data under most privacy legislation, if we have something that classes as personally identifiable data, and under the GDPR, bear in mind, this could be a telephone number, an email address. What constitutes personally identifiable information is very broad. So this responsibility sits with the person collecting the data, the data controller. If you have this data and you store it in the cloud, and the cloud provider fails, whose responsibility is it? Still your responsibility. So this is really important to understand.
Without cloud services, we have some restrictions that arise legally through legislation like GDPR that mean we cannot store personally identifiable information outside of a particular jurisdiction. So with the European Union and GDPR, you cannot store PII outside of the GDPR area unless there are equivalent protections provided as we described earlier in the course. So we need to understand, where is the cloud? Where is that data stored? And this is a big question. With big international companies like Microsoft, Google, Amazon, where are their data centres? Where are the administrators of those data centres? So the low cost of cloud is very attractive, but we have a very low visibility of how these services are maintained sometimes.
Some of these services, from an identity and access management perspective, and also from a security governance perspective, many of these services are very low-cost to initiate, and so remain very low-visible within, have a very low level of visibility within our organizations. So when we’re using these services, corporately, we may have good governance. But increasingly, what you’ll see is these arising through much more iterative use by employees, where employees just decide to start using something like Slack or Dropbox. So we need to make sure we can extend our governance locally to cover cloud services, that we manage procurement of cloud services, and also that any services we buy are compliant with whatever requirements we have.
Noncompliance becomes really easy with cloud services, and it can be accomplished without any awareness. You may not know what some of your users are doing with your data.

In this video, you will learn how to be compliant with guidelines and standards within the cloud. Important points to remember are:

  • the data controller retains accountability
  • personally identifiable information (PII) applies geographically
  • understand ‘where’ the data is stored, and where the administrators are

Reflect and share: Were you unaware of any of the points mentioned above? How will this change your operations? Share in the comments below.

This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now